Last month, we had the pleasure of hosting a conversation with Max Schrems, renowned Austrian privacy lawyer, activist, and chairperson of the non-profit noyb, and Marie Fenner, Global SVP, Analytics at Piano.
Hosted by our CEO Romain Gauthier, the panel explored the state of privacy, the impact of privacy laws on marketing and analytics, and, of course, the future of EU-US data transfers.
Watch the replay below or keep reading for some of the highlights of the conversation.
Summary
- International data transfers
- Analytics, marketing, and privacy
- The future of data privacy and analytics
- Q&A and next steps
International data transfers
A natural place to start for the conversation is international data transfers, which have been challenged by Max Schrems repeatedly over the past ten years.
Asked about it by Romain Gauthier, who playfully compares the international data transfer saga to a Netflix show, Max Schrems argues that data localization shouldn’t be the main aim of data sovereignty and that the real conversation should be around the problem of the clash of jurisdiction.
The Austrian lawyer argues that the digital world went from no regulation to being regulated everywhere around the world, in many directions that make navigating the landscape extremely difficult.
On the specific topic of EU-US transfers, the issue lies in the way U.S.-based companies data handle data from citizens of other countries:
“Interestingly, we agree with the U.S. on how far surveillance should go online, and we have the same rules actually. In the U.S., under the 4th amendment, you also need probable cause and a judge that signs off on a wiretap.
What we disagree on is actually that the U.S. has all these rights only for U.S. citizens, and everybody else doesn't have any rights, so we can do as much surveillance as we want to, while also saying, ‘please give us the data because we're partners and we love each other.’
- Max Schrems, privacy lawyer and chairperson of the non-profit noyb
The noyb founder argues that a no-spy agreement should be in place between democratic countries and that it will become a business necessity in the next 20 years or so.
In the meantime, he recommends that organizations host their data in Europe in a localized version (once there is no access from the U.S. anymore) until a satisfactory partnership can be built.
After discussing the current patchwork of U.S. data privacy consumer laws, on the topic of the latest EU-US data transfer framework and when asked about the much-awaited reaction from noyb (Schrems III?), he shares that there are several paths to challenge the latest Data Privacy Framework (DPF), some of which he expects to take place in 2024:
“We would expect it to hit the Court of Justice at the latest in a year or so.”
- Max Schrems, privacy lawyer and chairperson of the non-profit noyb
Ending on a prediction, Max Schrems explains that in his opinion, the matter of EU-US data transfers is a political one, that will be solved by regulatory bodies and governments working together to come up with international agreements, something he doesn’t believe will happen in the next 10 or 20 years.
Analytics, marketing, and privacy
In the second section of the conversation, Romain Gauthier introduced himself and Marie Fenner, respectively CEO at Didomi and Global SVP, Analytics at Piano, as being part of the martech industry. In that capacity, they are both working very closely with marketing and analytics professionals trying to work with the important changes caused by data protection regulations worldwide.
Based on that expertise, the CEO introduces the notion of surveillance advertising and poses the question of whether this is one of the biggest threats to people’s privacy today.
To that, Max Schrems nuances that privacy is a highly cultural concept and that while privacy is a fundamental right, advertisement is only a small and relatively inconsequential subset of the threats that it is exposed to. From a legal perspective, he brings it all back to consent:
“I think the bottom line of that is that without consent, you can simply not do it. The simple answer will be: you need consent for that. You will need to explain to people what the benefit is. (...)
The more that can become part of the user experience, as it’s called, and put in a positive light or explain to people why there's a benefit for them, what’s in it for them, then we may get a more -let’s say- healthy transaction or less confrontative situation.”
- Max Schrems, privacy lawyer and chairperson of the non-profit noyb
On the note of consent and standards, Romain Gauthier highlights the work done by the advertising industry on the Transparency and Consent Framework (TCF).
While Max Schrems doesn’t have any extensive comments about the TCF in particular, he brings up the possibility of new tech initiatives, where internet browsers and Consent Management Platforms (CMP) could communicate directly, removing the need for consent banner, something that our Chief Privacy Officer, Thomas Adhumeau, has recently covered in an opinion piece about consent fatigue and the future of the AdTech industry.
Asked about the topic from her perspective as the Global SVP, Analytics at Piano, Marie Fenner mentions the large fines of recent years against Meta and others in Europe, Criteo in France, and highlights that in a very complex field like advertising, the key is to provide clarity and transparency to users:
“The most important in this complex advertising world is to make it really easy for people to understand what they’re consenting to, and to respect their choices. Permission-based marketing is a wonderful thing, a very powerful thing if you do it right.”
- Marie Fenner, Global SVP, Analytics at Piano
This is something we are aligned with at Didomi. Our Global Privacy UX Solutions are designed to help organizations put data privacy at the heart of their strategy, building a foundation of trust with their audience that will pay dividends down the line.
To learn more about our vision of Privacy UX at Didomi, head to our article:
{{what-is-privacy-ux}}
The future of data privacy and analytics
In the last section of the conversation, our speakers explore the overall data privacy spectrum and the potential impact of privacy-enhancing technologies (PET), technological innovations that aim to bring solutions to the data privacy challenges we’re observing today.
Max Schrems considers that these privacy-enhancing technologies are the way to go and that, at the core, the issue lies with education. He explains that most lawyers are not technically savvy enough to fully grasp these concepts, making the intersections of data privacy and technology complicated to navigate for many.
“In the long run, we would need lawyer/technologists mixes that can do that somewhat well, because it’s really hard as a lawyer to manage a topic that you don’t fully understand on the factual side of it.”
- Max Schrems, privacy lawyer and chairperson of the non-profit noyb
The privacy activist emphasizes that we all need to recognize that we're in the infant steps of a huge revolution, putting our digital age in perspective with the example of the Industrial Revolution that went on for 200 years.
Marie Fenner expresses that as an organization, collecting and owning first-party data in a safe environment is critical, which inspires Romain Gauthier to conclude the conversation:
“Let's make sure that whatever is built, end-users understand how it works and therefore trust it.”
- Romain Gauthier, co-founder and CEO at Didomi
Last words and next steps
After concluding the conversation, Max Schrems and Marie Fenner expressed their current priorities, and what noyb and Piano are working on, respectively.
To hear their last comments and access the Q&A in the chat, and in an effort to keep this article short and to the point, we invite you to check out the recording, available online now:
{{watch-our-conversation-with-max-schrems}}